|
PHP - Activation Form Access Restriction
I have a sign up form to send the activation code to the new user via email.My question is how to restrict the user who is not a member using activation form page in PHP unless their use a sign up form first?
here is my sign up form and activation form:
sign up form
<style type="text/css">
<!-- .style1 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12; } .style5 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 16px; font-weight: bold; } .style7 {font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; } --> </style> <form name="form1" method="post" action="email-activation-script.php"> <div align="center"> <p class="style5"> Form Registration </p> <table width="35%" border="0"> <tr> <td class="style7">Username</td> <td class="style7">:</td> <td class="style1"><span class="style7"> <label> <input name="username" type="text" id="username"> </label> </span></td> </tr> <tr> <td class="style7"> Email </td> <td class="style7">:</td> <td class="style1"><span class="style7"> <label> <input name="email" type="text" id="email"> </label> </span></td> </tr> <tr> <td class="style7">Password</td> <td class="style7">:</td> <td class="style1"><span class="style7"> <label> <input name="password" type="password" id="password"> </label> </span></td> </tr> <tr> <td class="style7"> </td> <td class="style7"> </td> <td class="style1"><span class="style7"> <label> <input type="submit" name="Submit" value="Register"> <input type="reset" name="Submit2" value="Cancel"> </label> </span></td> </tr> </table> </div> </form> activation form: <form name="form1" method="post" action="check-activation-script.php"> <div align="center"> <table width="35%" border="0"> <tr> <td>Username</td> <td>:</td> <td><label> <input name="username" type="text" id="username"> </label></td> </tr> <tr> <td>Activation Code </td> <td><label>:</label></td> <td><input name="activation_code" type="text" id="activation_code"></td> </tr> <tr> <td> </td> <td> </td> <td><label> <input type="submit" name="Submit" value="Submit"> <input type="reset" name="Submit2" value="Cancel"> </label></td> </tr> </table> </div> </form> Similar TutorialsHello everybody , This is my first topic here and I hope I will find the solution for my problem. I want to restrict access to file (for exemple: http://www.mysite.com/files/file0000.zip) to a just a specific IP that will be read from the database. And also store all other IPs trying to access this file. Can this be done, maybe through some php and htaccess? Thank you for any help or any other ideas. Hi, I want to restrict my registered user to see video only once per day... Can anyone guide me how can i do this with php??? Thanks hi once again, i got a form that uploads an image, checks formats and all that.. i need to add the filesize restriction. something like this: define ("max_size","20"); //<- 20kb size $size=filesize($_FILES['image']['tmp_name']) if ($size > max_size*1024){ echo "too big filesize"; } else { //...... } how do i put that code, into this code? : <?php $allowedfiletypes = array("jpeg","jpg","gif","png"); $uploadfolder = "uploads/" ; $thumbnailheight = 100; //in pixels $thumbnailfolder = $uploadfolder."thumbs/" ; $action = $_POST['action']; if ($action == "upload") { //echo "<p>Uploading image... " ; if(empty($_FILES['uploadimage']['name'])){ echo '<script type="text/javascript"> {alert("Pasirinkite faila");} </script>'; } else { $uploadfilename = $_FILES['uploadimage']['name']; $fileext = strtolower(substr($uploadfilename,strrpos($uploadfilename,".")+1)); if (!in_array($fileext,$allowedfiletypes)) { echo '<script type="text/javascript"> {alert("Blogas failo tipas");} </script>'; } else { $fulluploadfilename = $uploadfolder.$uploadfilename ; if (move_uploaded_file($_FILES['uploadimage']['tmp_name'], $fulluploadfilename)) { echo '<script type="text/javascript"> {alert("Failas irasytas");} </script>'; $im = imagecreatefromjpeg($fulluploadfilename); if (!$im) { echo '<script type="text/javascript"> {alert("Nepavyko sugeneruoti thumbnail");} </script>'; } else { $imw = imagesx($im); // uploaded image width $imh = imagesy($im); // uploaded image height $nh = $thumbnailheight; // thumbnail height $nw = round(($nh / $imh) * $imw); //thumnail width $newim = imagecreatetruecolor ($nw, $nh); imagecopyresampled ($newim,$im, 0, 0, 0, 0, $nw, $nh, $imw, $imh) ; $thumbfilename = $thumbnailfolder.$uploadfilename ; imagejpeg($newim, $thumbfilename) or die('<script type="text/javascript"> {alert("Nepavyko issaugoti thumbnail");} </script>'); } } else { echo '<script type="text/javascript"> {alert("Nepavyko issaugoti failo");} </script>'; } } } function watermark($original_image,$original_watermark,$destination="") { $image=imagecreatefromjpeg($original_image); list($imagewidth,$imageheight)=getimagesize($original_image); $watermark = imagecreatefrompng($original_watermark); list($watermarkwidth,$watermarkheight)=getimagesize($original_watermark); if($watermarkwidth>$imagewidth || $watermarkheight>$imageheight) { $water_resize_factor = $imagewidth / $watermarkwidth; $new_watermarkwidth = $watermarkwidth * $water_resize_factor; $new_watermarkheight = $watermarkheight * $water_resize_factor; $new_watermark = imagecreatetruecolor($new_watermarkwidth , $new_watermarkheight); imagealphablending($new_watermark , false); imagecopyresampled($new_watermark , $watermark, 0, 0, 0, 0, $new_watermarkwidth, $new_watermarkheight, $watermarkwidth, $watermarkheight); $watermarkwidth = $new_watermarkwidth; $watermarkheight = $new_watermarkheight; $watermark = $new_watermark; } $startwidth = ($imagewidth - $watermarkwidth) / 2; $startheight = ($imageheight - $watermarkheight) / 2; imagecopy($image, $watermark, $startwidth, $startheight, 0, 0, $watermarkwidth, $watermarkheight); if(!empty($destination)) imagejpeg($image,$destination); else imagejpeg($image); } $original_directory = "uploads/thumbs/"; $watermarked_images = "uploads/thumbs/watermarkedthumbs/"; if ($handle = opendir($original_directory)) { while (false !== ($file = readdir($handle))) { /* exif_imagetype checks if our file is a .jpg file. See manual for more info */ if(!is_file($original_directory.$file)) continue; if(exif_imagetype($original_directory.$file)==2) { watermark($original_directory.$file,"watermark.png",$watermarked_images.$file); } } closedir($handle); } } ?> <form name="newad" method="post" enctype="multipart/form-data" action=""> <label for="file" id="label">Pasirinkti failą: </label> <input type="hidden" name="action" value="upload" /> <input type="file" name="uploadimage" id="file"> <input name="Submit" type="submit" value="įkelti" id="submit"> </form> i tried smth like this, but it shows some error ("Warning: filesize() [function.filesize]: stat failed for 1.jpg in") <?php /* $allowedfiletypes = array("jpeg","jpg","gif","png"); $uploadfolder = "uploads/" ; $thumbnailheight = 100; //in pixels $thumbnailfolder = $uploadfolder."thumbs/" ; */ define ("max_size","20"); $size=filesize($_FILES['uploadimage']['name']); /* $action = $_POST['action']; if ($action == "upload") { //echo "<p>Uploading image... " ; if(empty($_FILES['uploadimage']['name'])){ echo '<script type="text/javascript"> {alert("Pasirinkite faila");} </script>'; } else { $uploadfilename = $_FILES['uploadimage']['name']; $fileext = strtolower(substr($uploadfilename,strrpos($uploadfilename,".")+1)); if (!in_array($fileext,$allowedfiletypes)) { echo '<script type="text/javascript"> {alert("Blogas failo tipas");} </script>'; } else { $fulluploadfilename = $uploadfolder.$uploadfilename ; */ if ($size > max_size*1024){ echo '<script type="text/javascript"> {alert("Per didelis failas");} </script>'; } else { /* if (move_uploaded_file($_FILES['uploadimage']['tmp_name'], $fulluploadfilename)) { echo '<script type="text/javascript"> {alert("Failas irasytas");} </script>'; $im = imagecreatefromjpeg($fulluploadfilename); if (!$im) { echo '<script type="text/javascript"> {alert("Nepavyko sugeneruoti thumbnail");} </script>'; } else { $imw = imagesx($im); // uploaded image width $imh = imagesy($im); // uploaded image height $nh = $thumbnailheight; // thumbnail height $nw = round(($nh / $imh) * $imw); //thumnail width $newim = imagecreatetruecolor ($nw, $nh); imagecopyresampled ($newim,$im, 0, 0, 0, 0, $nw, $nh, $imw, $imh) ; $thumbfilename = $thumbnailfolder.$uploadfilename ; imagejpeg($newim, $thumbfilename) or die('<script type="text/javascript"> {alert("Nepavyko issaugoti thumbnail");} </script>'); } } else { echo '<script type="text/javascript"> {alert("Nepavyko issaugoti failo");} </script>'; } } } } function watermark($original_image,$original_watermark,$destination="") { $image=imagecreatefromjpeg($original_image); list($imagewidth,$imageheight)=getimagesize($original_image); $watermark = imagecreatefrompng($original_watermark); list($watermarkwidth,$watermarkheight)=getimagesize($original_watermark); if($watermarkwidth>$imagewidth || $watermarkheight>$imageheight) { $water_resize_factor = $imagewidth / $watermarkwidth; $new_watermarkwidth = $watermarkwidth * $water_resize_factor; $new_watermarkheight = $watermarkheight * $water_resize_factor; $new_watermark = imagecreatetruecolor($new_watermarkwidth , $new_watermarkheight); imagealphablending($new_watermark , false); imagecopyresampled($new_watermark , $watermark, 0, 0, 0, 0, $new_watermarkwidth, $new_watermarkheight, $watermarkwidth, $watermarkheight); $watermarkwidth = $new_watermarkwidth; $watermarkheight = $new_watermarkheight; $watermark = $new_watermark; } $startwidth = ($imagewidth - $watermarkwidth) / 2; $startheight = ($imageheight - $watermarkheight) / 2; imagecopy($image, $watermark, $startwidth, $startheight, 0, 0, $watermarkwidth, $watermarkheight); if(!empty($destination)) imagejpeg($image,$destination); else imagejpeg($image); } $original_directory = "uploads/thumbs/"; $watermarked_images = "uploads/thumbs/watermarkedthumbs/"; if ($handle = opendir($original_directory)) { while (false !== ($file = readdir($handle))) { /* exif_imagetype checks if our file is a .jpg file. See manual for more info */ /* if(!is_file($original_directory.$file)) continue; if(exif_imagetype($original_directory.$file)==2) { watermark($original_directory.$file,"watermark.png",$watermarked_images.$file); } } closedir($handle); } } */ ?> any ideas? thanks How do I make it so if I get the question right, I have access to view the next page? For example, if I get this question right in index-1.php correct, it would take me to index-2.php (like in the script below), but if you don't get the question correct in index-1.php, you cannot have access/view index-2.php. Why I need this? Well, if you change the URL http://--------/index-1.php to http://--------/index-2.php, you can easily go from index-1.php to index-2.php without having to answer the question correctly. index-1.php: <?php if(isset($_POST['submit'])){ $number = $_POST['number']; if ($number == "elephant"){ header("Location: http://localhost/index-2.php"); exit();} } ?> <html> <head> <title>PHP Test</title> </head> <b>LEVEL 1</b> <body> <p> <font face="Courier New">c291cmNl</font> </p> <br/></body> </html> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> Answer: <!-- "elephant" --> <input type="text" name="number" /><br /> </select> <input name="submit" type="submit"> </form> Thanks Hi all, I have been working on this and maybe you guys can help. All I need to do is be able to open a access form with php. I have tried a couple of diffrent things but nothing is working. What I have right now is $app = new COM("Access.Application"); $app->OpenCurrentDatabase("C:\Documents and Settings\Ian\Desktop\TestData.accdb"); $app->Application->Run("OpenAccForm"); //$app->DoCmd->OpenForm("Test Data"); //$app->Visible = "Yes"; print "Loaded Access, version {$app->Visible}\n"; Any help is appreciated. Right now It opens access but is not viable. I know it is opening access because it is in the processes tab in task manager. i want to share my problem in my website For the better understandng of my website, I want to tell all the details. 1. I have a database and i has a 2 tables 1 for the tbllogin which consist of Username and Department, and the second table is caltbl which i use for the calendar events. 2.When my website run the first webpage is the login form. If the Username and Department is correct she can browse the other webpages, like the calendar event. 3. In the calendar event you can see the calendar and when you click the date theirs a link "new event" appear and if theirs no existing event theres a text saying "No Events", when you click the link you can add events. I want that theirs a specific person that can only add events for the restriction of adding events. I want to happen that if the user is xxx and her department is yyy the link shoud appear and she can add events. i want that only to her the link should be appear.. here is my code: <?php $host = "localhost"; $username = ""; $password = ""; $dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database'); $dbName = 'dspi'; mysql_select_db($dbName); ?> <script> function goLastMonth(month, year){ // If the month is January, decrement the year if(month == 1){ --year; month = 13; } document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year; } //next function function goNextMonth(month, year){ // If the month is December, increment the year if(month == 12){ ++year; month = 0; } document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year; } function remChars(txtControl, txtCount, intMaxLength) { if(txtControl.value.length > intMaxLength) txtControl.value = txtControl.value.substring(0, (intMaxLength-1)); else txtCount.value = intMaxLength - txtControl.value.length; } function checkFilled() { var filled = 0 var x = document.form1.calName.value; //x = x.replace(/^\s+/,""); // strip leading spaces if (x.length > 0) {filled ++} var y = document.form1.calDesc.value; //y = y.replace(/^s+/,""); // strip leading spaces if (y.length > 0) {filled ++} if (filled == 2) { document.getElementById("Submit").disabled = false; } else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased } </script> <html> <body> <?php //$todaysDate = date("n/j/Y"); //echo $todaysDate; // Get values from query string $day = (isset($_GET["day"])) ? $_GET['day'] : ""; $month = (isset($_GET["month"])) ? $_GET['month'] : ""; $year = (isset($_GET["year"])) ? $_GET['year'] : ""; //comparaters for today's date //$todaysDate = date("n/j/Y"); //$sel = (isset($_GET["sel"])) ? $_GET['sel'] : ""; //$what = (isset($_GET["what"])) ? $_GET['what'] : ""; //$day = (!isset($day)) ? $day = date("j") : $day = ""; if(empty($day)){ $day = date("j"); } if(empty($month)){ $month = date("n"); } if(empty($year)){ $year = date("Y"); } //set up vars for calendar etc $currentTimeStamp = strtotime("$year-$month-$day"); $monthName = date("F", $currentTimeStamp); $numDays = date("t", $currentTimeStamp); $counter = 0; //$numEventsThisMonth = 0; //$hasEvent = false; //$todaysEvents = ""; //run a selec statement to hi-light the days function hiLightEvt($eMonth,$eDay,$eYear){ //$tDayName = date("l"); $todaysDate = date("n/j/Y"); $dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear; if($todaysDate == $dateToCompare){ //$aClass = '<span>' . $tDayName . '</span>'; $aClass='class="today"'; }else{ //$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear; //echo $todaysDate; //return; $sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'"; //echo $sql; //return; $result = mysql_query($sql); while($row= mysql_fetch_array($result)){ if($row['eCount'] >=1){ $aClass = 'class="event"'; }elseif($row['eCount'] ==0){ $aClass ='class="normal"'; } } } return $aClass; } ?> <div id="Calendar_Event"> <table width="350" cellpadding="0" cellspacing="0"> <tr> <td width="50" colspan="1"> <input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);"> </td> <td width="250" colspan="5"> <span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br> </td> <td width="50" colspan="1" align="right"> <input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);"> </td> </tr> <tr> <th>M</td> <th>T</td> <th>W</td> <th>T</td> <th>F</td> <th>S</td> <th>S</td> </tr> <tr> <?php for($i = 1; $i < $numDays+1; $i++, $counter++){ $dateToCompare = $month . '/' . $i . '/' . $year; $timeStamp = strtotime("$year-$month-$i"); //echo $timeStamp . '<br/>'; if($i == 1){ // Workout when the first day of the month is $firstDay = date("N", $timeStamp); for($j = 1; $j < $firstDay; $j++, $counter++){ echo "<td> </td>"; } } if($counter % 7 == 0 ){ ?> </tr><tr> <?php } ?> <!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td> <?php } ?> </table> </div> <div id="New_Event"> <?php if(isset($_GET['v'])){ if(isset($_POST['Submit'])){ $sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())"; mysql_query($sql); } $sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'"; //echo $sql; //return; $result = mysql_query($sql); $numRows = mysql_num_rows($result); $check=mysql_query("SELECT * FROM tbllogin WHERE Username='rhoda.barrera@dunlop.ph' AND Department='MIS'"); if (mysql_num_rows($check)>0){ ?> <a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php }else{ echo 'You cannot Add New Event'; }?> </div> <div id="Cal_Event"> <?php if(isset($_GET['f'])){ include 'calForm.php'; } if($numRows == 0 ){ echo ''; }else{ //echo '<ul>'; echo '<h3>Event Listed</h3>'; while($row = mysql_fetch_array($result)){ ?> <h5><?=$row['calName'];?></h5> <?=$row['calDesc'];?><br/> Listed On: <?=$row['calStamp'];?> <?php } } } ?> </div> </body> </html> I want to perform a php process initiated by AJAX according to the method described in http://www.w3schools.com/PHP/php_ajax_database.asp with this line Code: [Select] xmlhttp.open("GET","getuser.php?q="+str,true); the php process in getuser.php is initiated. But how I can restrict direct access to getuser.php? If someone visit getuser.php?q=something; the process will be started for "something". I want to run the getuser.php process only and only when it is initiated from my main page. I have an index.php file which includes my form and code to move the user's uploaded file to s3. My HTML form calls a js function sendEmails() which makes an AJAX request to another php script dbSystem() to validate the emails input and add it to a database. Everything is working except that the php code in my index.php file (at the very bottom) does not execute. It's supposed to execute when the user uploads a file and presses submit but it doesn't go into the if statement. I tried putting the $fileName = basename($_FILES["fileName"]["name"]) statement before the if statement but I get an undefined index error. I put my a comment in my code to show which if statement I am talking about. This is my HTML code in index.php:
<form action="javascript:void(0)" method="POST" id="files" enctype="multipart/form-data">
<label class="col-md-4 col-form-label text-md-right">Select File: <span class="text-danger">*</span></label>
<input type="file" id="userFile" name="fileName" style="cursor: pointer; max-width: 170px;" onchange="enableBtn()">
<label class="col-md-4 col-form-label text-md-right">Authorized Users: <span class="text-danger">*</span></label>
<input placeholder="Enter e-mail(s) here..." id="req" autocomplete="off"/>
<button id="submitBtn" name="submitBtn" class="<?php echo SUBMIT_BUTTON_STYLE; ?>" onclick="return sendEmails()" disabled>Submit</button>
</form>
This is my php code in index.php:
<?php
$conn = new mysqli($servername, $username, $password, $db);
$sql = "SELECT sender_id, sender_email, receiver_emails, receiver_ids, file_name from filedrop_logs";
$result = mysqli_query($conn, $sql);
if ($result) {
echo "<div class='outputDiv'>";
echo "<table id='sharedOthers'>";
echo "<thead><tr class='headings'>";
echo "<th class='files'>Files</th>";
echo "<th class='users'>Users</th>";
echo "</tr></thead>";
while ($row = mysqli_fetch_assoc($result)) {
$receiverEmails = $row['receiver_emails'];
$fileName = $row['file_name'];
echo "<tbody id='bodyOthers'>";
echo "<tr id='rowOthers'>";
echo "<td>$fileName<br>";
$objects = getListofObjects('FileDrop');
foreach ($objects as $object) {
$file = $object['Key'];
$splits = explode('/', $file);
if (end($splits) !== '') {
$presignedUrl = getPresignedUrlForPrivateFile($object['Key'], '+20 minutes');
$link = '<a href="'.$presignedUrl.'">Download</a>';
echo $link;
}
}
echo " <a href=''>Delete</a></td>";
echo "<td>$receiverEmails</td>";
echo "</tr></tbody>";
}
echo "</table></div>";
}
?>
<?php
//the if statement below doesn't execute
if(isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES["fileName"])) {
$fileName = basename($_FILES["fileName"]["name"]);
$error = $_FILES["fileName"]["error"];
$tmpName = $_FILES["fileName"]["tmp_name"];
if (isset(fileName) && $fileName != '' && $tmpName != '' && sys_get_temp_dir()) {
$separator = DIRECTORY_SEPARATOR;
$newDir = sys_get_temp_dir() . $separator . "FileDrop" . microtime(true);
if (!file_exists($newDir)) {
mkdir($newDir, 0777, true); // creates temp FileDrop directory
$tempFilePath = $newDir . $separator . $fileName; // creates temp file inside FileDrop directory
if (move_uploaded_file($tmpName, $tempFilePath)) { // moves file to tmp folder
$s3FileName = "FileDrop" . substr($newDir, 4) . $separator . $fileName;
$result = putFileToS3($s3FileName, $tempFilePath, 'public-read');
deleteDir($newDir);
}
}
}
}
?>
This is my js code in case you want to see it:
function sendEmails() {
var fileData = $('#userFile').prop('files')[0];
var formData = new FormData();
formData.append('tags', JSON.stringify(tags));
formData.append('fileName', fileData);
$.ajax({
type: "POST",
url: "../FileDrop/dbSystem.php",
processData: false,
contentType: false,
data: formData,
success: function(result) {
result = JSON.parse(result);
if (result.validity === "valid emails") {
location.reload();
resetInputs(); //IMPORTANT
$(".outputDiv").show();
}
else {
var tagsBrackets = result.emails.toString().replace(/[\[\]']+/g,'');
var tagsQuotes = tagsBrackets.replace(/['"]+/g, '');
var tagsInvalid = tagsQuotes.replace(/,/g, ", ");
$('#alertModal').modal({show:true});
document.getElementById('invalid').textContent = tagsInvalid;
}
}
});
return false;
}
I've been stuck on this for so long, so I'd really appreciate the help!! Hello, A named field in an html form e.g. <input type="text" name="time"> is accessed as $_GET['time'] or $_POST['time'] by the processing script. What about an unnamed field like the one below: <input type="text" value="" id="1" /> How do I harvest this field's input as a variable from my php processing script? Thanks in advance I am developing an elearning website,I have a set of pre-entered PINS in a database. For the user to access courses within my site, this PINS have to be entered and matched to the ones in the database. When they are matched the user can gain access to the courses and the PIN should expire so that it cannot be re-used,i am in desperate need of a php script that can help me achieve that. Hi I was wondering is it possible to get the client's ip when he clicks on an activation link? If yes how? So I'm doing a project and I need to make a successful login form, where it checks in MS Access if the username and password are correct, and if they are the user is taken to a new page. If they are wrong, a message comes up and they stay on the same page. The user should first just see a blank form, but after submit is pressed, it should check if the username and password are correct. IF they are should be taken to a new page. It's been a while since I used php last, so I wasn't quite sure how to tackle this issue. I was wondering if someone could please help me? here is my code. Code: [Select] <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if (isset($_POST['submit'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $TABLE= $_POST['password'] ; } $username = null ; $password = null ; $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $username = stripslashes($username); $password = stripslashes($password); $sql = "select * from users where users = '$username' and passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php"); echo "Login failed" ; } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. <br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='submit'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; ?> </body> </html> Howdy I'm trying to figure out to get a file to call a page on another domain(diffrent server) and check if the activation code matches the one on the activation server. So on the user's server it has a cron job or on load will call my server and run the code in their update.php file against my activation.php file and see if it matches. If($usr == $actv){ //DO THIS }else{ //run disable script } Okay, I got the other parts of this script to input the form information into my database, but this part of the code is not sending the user the activation email. Please Help!? I've attached the complete script for an extra pair of eyes. Thanks /!!!!!!!!!!!!!!!!!!!!!!!!! Email User the activation link !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $myemail = "admin@knirv.com"; $emess = "First Name: $firstname\n"; $emess.= "Last Name: $lastname\n"; $emess.= "Email 1: $email1\n"; $emess.= "Email 2: $email2\n"; $emess.= "City: $city\nState: $state\nZip/Post Code:$zip\n"; $emess.= "Country: $scountry\n"; $emess.= "Phone number 1: $phone1\n"; $emess.= "Phone number 2: $phone2\n"; $emess.= "Phone number 3: $phone3\n"; $emess.= "Comments: $sendmail"; $ehead = "From: $myemail\r\n"; $subj = "Complete knirv.com registration!"; $mailsend=mail("$myemail","$subj","$emess","$ehead"); //Begin HTML Email Message $message = "Hi $firstname, Complete this step to activate your login identity at knirv.com. Click the line below to activate when ready. http://www.knirv.com/activation.php?id=$id&sequence=$db_password If the URL above is not an active link, please copy and paste it into your browser address bar Login after successful activation using your: E-mail Address: $email Password: $password See you on the site! admin@knirv.com"; //end of message unset($_GET['do']); header("Location: thank_you.php"); break; } $msgToUser = "<h2>One Last Step - Activate through Email</h2><h4>OK $firstname, one last step to verify your email identity:</h4><br /> In a moment you will be sent an Activation link to your email address.<br /><br /> <br /> <strong><font color=\"#990000\">VERY IMPORTANT:</font></strong> If you check your email with your host providers default email application, there may be issues with seeing the email contents. If this happens to you and you cannot read the message to activate, download the file and open using a text editor. If you still cannot see the activation link, contact site admin and briefly discuss the issue.<br /><br /> "; include_once 'msgToUser.php'; exit(); } Hi! Trying to have it send a link to a user's email upon registration, and set it so they can't login until they click the link from their email. Here's the register script: <?php include('config.php'); include('dateindex.php'); if($loggedin == '1') die("You can't register another account while you're logged in."); if(isset($_POST['submit'])) { $callname = mysql_real_escape_string($_POST['callname']); $uname = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $email = mysql_real_escape_string($_POST['email']); if((!isset($_POST['username'])) || (!isset($_POST['callname'])) || (!isset($_POST['email'])) || (!isset($_POST['pass'])) || ($uname == '') || ($_POST['pass'] == '')) die("Please fill out the form completely. <br><br> <a href=register.php>Continue</a>"); $check = @mysql_query("SELECT id FROM users WHERE username = '$uname'"); $check = @mysql_num_rows($check); if($check > 0) die("Sorry, that username has already been taken. Please try again. <br><br> <a href=register.php>Continue</a>"); function validateEmailAddress($email) { return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email); } if(validateEmailAddress($email) !=1) { echo "That email address does not exist.<br /><br /><a href=register.php>Continue</a>"; exit(); } $pass = md5($_POST['pass']); $date = date("m/d/y"); $a =md5(uniqid(rand(), true)); $newPlayer = @mysql_query("INSERT INTO users (username, password, callname, email, registered, active) VALUES ('$uname', '$pass', '$callname', '$email', '$date', '$a')") or die("Error: ".mysql_error()); if (mysql_affected_rows() == 1) { $body = "Thank you for registering. To activate account click this link"; $body .= "http://localhost/testing/mbactivate.php?x=" . mysql_insert_id() . "$y=$a"; mail($_POST['email'], 'Registration Confirmed', $body, 'From:mirrorcat@airpost.net'); echo '<br />You have been registered! A confirmation email has been sent.'; exit(); } } else { echo '<form action=register.php method=post> Callname: <input type=text name=callname><br> Username: <input type=text name=username><br> Email: <input type=text name=email><br> Password: <input type=password name=pass><br> <input type=submit name=submit value=Submit> </form>'; } ?> login/index: <?php include('config.php'); echo '<center><a href=index.php>Main</a> | <a href=myprofile.php>Profile</a> | <a href=inbox.php>Inbox</a> | <a href=page1.php>To-Do List</a> | <a href=logout.php>Logout</a></center>'; print date('g:i a - l, F jS'); echo '<br /><br />'; ?> <?php if($loggedin == '0') { if(isset($_POST['submit'])) { // Make sure all forms were filled out. if((!isset($_POST['username'])) || (!isset($_POST['pass'])) || ($_POST['username'] == '') || ($_POST['pass'] == '')) die("Please fill out the form completely. <br><br> <a href=index.php>Continue</a>"); // Get user's record from database $player = @mysql_query("SELECT id, username, password, callname, email, registered, lastlogin FROM users WHERE username = '".$_POST['username']."'"); $player = @mysql_fetch_assoc($player); mysql_real_escape_string($username); mysql_real_escape_string($password); if($player['id'] == false) die("Sorry, that user is not in our database.<br><br> <a href=index.php>Back</a>"); else if($player['password'] != md5($_POST['pass'])) die("Wrong password!<br><br> <a href=index.php>Back</a>"); $_SESSION['id'] = $player['id']; $_SESSION['username'] = $player['username']; $_SESSION['password'] = $player['password']; $_SESSION['callname'] = $player['callname']; $_SESSION['email'] = $player['email']; $date = date("m/d/y"); $update = @mysql_query("UPDATE users SET lastlogin = '$date' WHERE id = '".$_SESSION['id']."'"); echo 'You are now logged in!'; } else { echo 'You are not logged in. <br><br> <form action=index.php method=post> Username: <input type=text name=username><br> Password: <input type=password name=pass><br> <input type=submit name=submit value=Submit> </form> Would you like to <a href=register.php>register?</a>'; } } else { echo 'You are logged in! Welcome, '.$_SESSION['callname'].'!'; } ?> <br /><br /> <b>Activate Account</b><br /> <?php // Validate $_GET['x'] and $_GET['y']. if (isset($_GET['x'])) { $x = (int) $_GET['x']; } else { $x = 0; } if (isset($_GET['y'])) { $y = $_GET['y']; } else { $y = 0; } // If $x and $y aren't correct, redirect the user. if ( ($x > 0) && (strlen($y) == 32)) { $query = "UPDATE users SET active=NULL WHERE (id=$x AND active='" . $y . "') LIMIT 1"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); // Print a customized message. if (mysql_affected_rows() == 1) { echo "<br><br><h3>Your account is now active. You may now log in.</h3>"; } else { echo '<br><br><p><font color="red" size="+1">Your account could not be activated. Please re-check the link or contact the system administrator.</font></p>'; } // mysql_close(); } else { // Redirect. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; ob_end_clean(); // Delete the buffer. exit(); } // End of main IF-ELSE. ?> My problem is it isn't sending the code to the email specified, even though the random letters that should be sent to the email are stored in the database. And when I test the url anyway, (x=1&y=activationcode) it returns it as false, that the code doesn't exist even though I can clearly see it in my database! Can anyone spot any errors? Hi I have created several php scripts which adds a user to the database and allows them to login aswell. I want an email confirmation link in which the user has to click in order for them to get added to the database. Below is my code any help in what php I put in and where would be most helpful, thanks in advance. Chris *********************************************************************** mainregister.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Web Server</title> <link href="css/style.css" rel="stylesheet" type="text/css" /> </head> <body> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form1" method="post" action="checkregister.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="myusername" type="text" id="myusername"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="mypassword" type="text" id="mypassword"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Register"></td> </tr> </table> </td> </form> </tr> </table> </body> </html> ****************************************************************************** checkregister.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="webserver"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="INSERT INTO $tbl_name (username,password) VALUES('$myusername','$mypassword')"; $result=mysql_query($sql); echo "Registered to database"; ?> </body> </html> So basically my project is one where the user can log onto my website, and the page then checks if the ID and password are in my table in my microsoft access file. If the username and password are the same, the user continues, if it isnt, then it stays on the same page and says something like "username and/or password are incorrect" or something along the lines of that. the problem is right now im not sure how to make it say "ERROR username and/or password is incorrect" if the username and password dont match. Can someone help me with this? and also make sure if the username and password are correct that it goes to the next page, entitled searchpage.php here is the code Code: [Select] <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if if (isset($_POST['Login'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $TABLE= $_POST['password'] ; } $username = null ; $password = null ; $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $username = stripslashes($username); $password = stripslashes($password); $sql = "select * from users where users = '$username' and passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php"); echo "Login failed" ; } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. <br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='Login'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; echo "</form>" ; ?> </body> </html> Hi all My code give this: <b>Warning</b>: file_exists(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/home/clients/........ I get the tmp folder and check for its existanse and whether it is writeable
$t=sys_get_temp_dir(); Both gives no which is fine, I can process that. I do it to avoid the output above, but I still get that. How should I check for allowed paths? This runs on several systems where I cannot access php.ini or other system stuff.
my registration script for my website, does sent activation link to newly registered user's for some reason. can some one please help me, i have stay up all-night just to figure out the problem. any help appreciated <?php $from = ""; // Initialize the email from variable // This code runs only if the username is posted if (isset ($_POST['username'])){ $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers $gender = preg_replace('#[^a-z]#i', '', $_POST['gender']); // filter everything but lowercase letters $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers $email1 = $_POST['email1']; $email2 = $_POST['email2']; $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; $humancheck = $_POST['humancheck']; $email1 = stripslashes($email1); $pass1 = stripslashes($pass1); $email2 = stripslashes($email2); $pass2 = stripslashes($pass2); $email1 = strip_tags($email1); $pass1 = strip_tags($pass1); $email2 = strip_tags($email2); $pass2 = strip_tags($pass2); // Connect to database include_once "scripts/connect_to_mysql.php"; $emailCHecker = mysql_real_escape_string($email1); $emailCHecker = str_replace("`", "", $emailCHecker); // Database duplicate username check setup for use below in the error handling if else conditionals $sql_uname_check = mysql_query("SELECT username FROM myMembers WHERE username='$username'"); $uname_check = mysql_num_rows($sql_uname_check); // Database duplicate e-mail check setup for use below in the error handling if else conditionals $sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'"); $email_check = mysql_num_rows($sql_email_check); // Error handling for missing data if ((!$username) || (!$gender) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2)) { $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />'; if(!$username){ $errorMsg .= ' * User Name<br />'; } if(!$gender){ $errorMsg .= ' * Gender: Confirm your sex.<br />'; } if(!$b_m){ $errorMsg .= ' * Birth Month<br />'; } if(!$b_d){ $errorMsg .= ' * Birth Day<br />'; } if(!$b_y){ $errorMsg .= ' * Birth year<br />'; } if(!$email1){ $errorMsg .= ' * Email Address<br />'; } if(!$email2){ $errorMsg .= ' * Confirm Email Address<br />'; } if(!$pass1){ $errorMsg .= ' * Login Password<br />'; } if(!$pass2){ $errorMsg .= ' * Confirm Login Password<br />'; } } else if ($email1 != $email2) { $errorMsg = 'ERROR: Your Email fields below do not match<br />'; } else if ($pass1 != $pass2) { $errorMsg = 'ERROR: Your Password fields below do not match<br />'; } else if ($humancheck != "") { $errorMsg = 'ERROR: The Human Check field must be cleared to be sure you are human<br />'; } else if (strlen($username) < 4) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />"; } else if (strlen($username) > 20) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />"; } else if ($uname_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />"; } else if ($email_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />"; } else { // Error handling is ended, process the data and add member to database //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $email1 = mysql_real_escape_string($email1); $pass1 = mysql_real_escape_string($pass1); // Add MD5 Hash to the password variable $db_password = md5($pass1); // Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied $full_birthday = "$b_y-$b_m-$b_d"; // GET USER IP ADDRESS $ipaddress = getenv('REMOTE_ADDR'); // Add user info into the database table for the main site table $sql = mysql_query("INSERT INTO myMembers (username, gender, birthday, email, password, ipaddress, sign_up_date) VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', now())") or die (mysql_error()); $id = mysql_insert_id(); // Create directory(folder) to hold each user's files(pics, MP3s, etc.) mkdir("members/$id", 0755); //!!!!!!!!!!!!!!!!!!!!!!!!! Email User the activation link !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $to = "$email1"; $from = $dyn_www; // $adminEmail is established in [ scripts/connect_to_mysql.php ] $subject = 'Complete Your ' . $dyn_www . ' Registration'; //Begin HTML Email Message $message = "Hi $username, Complete this step to activate your login identity at $dyn_www Click the line below to activate when ready http://$dyn_www/activation.php?id=$id&sequence=$db_password If the URL above is not an active link, please copy and paste it into your browser address bar Login after successful activation using your: E-mail Address: $email1 Password: $pass1 See you on the site!"; //end of message $headers = "From: $from\r\n"; $headers .= "Content-type: text\r\n"; mail($to, $from, $subject, $message, $headers); $msgToUser = "<h2>One Last Step - Activate through Email</h2><h4>$username, there is one last step to verify your email identity:</h4><br /> In a moment you will be sent an Activation link to your email address.<br /><br /> <br /> <strong><font color=\"#990000\">VERY IMPORTANT:</font></strong> If you check your email with your host providers default email application, there may be issues with seeing the email contents. If this happens to you and you cannot read the message to activate, download the file and open using a text editor.<br /><br /> "; include_once 'msgToUser.php'; exit(); } // Close else after duplication checks } else { // if the form is not posted with variables, place default empty variables so no warnings or errors show $errorMsg = ""; $username = ""; $gender = ""; $b_m = ""; $b_d = ""; $b_y = ""; $email1 = ""; $email2 = ""; $pass1 = ""; $pass2 = ""; } ?> Hey php gods! I recently watched a tutorial on how to make a membership system, it all turned out fine n stuff. So i wanted to expand and i found out a way to make a email activation "thingie", by making 2 new rows. 1 called email_code and a second called email_a(a for activate). When the person then registered, he woulld get a email where he should go to a link and write a code that was generate with a rand fuction and placed in the email_code row in the database. Then when the person wrote his username and the code in a form from the link in the email, the email_a would change from 0 to 1 if the username matched to the code he got. (sry for bad english). anyway here is the code: <!DOCTYPE html> <html> <head> <link href="style.css" type="text/css"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Activate email</title> </head> <body> <form action="" method="POST"> Username:<input type="text" name="username"> Code:<input type="text" name="activate"> <input type="submit" name="submit" value="aktiver"> </form> <?php include 'connect.php'; $username = $_POST('username'); $activate = $_POST('activate'); $submit = $_POST('submit'); $query = mysql_query("SELECT username AND email_code FROM user"); while ($row = mysql_fetch_assoc($query)){ $dbusername = $row['username']; $dbcode = $row['email_code']; } if ($_POST['submit']){ if ($username==$dbusername&&$code==$dbcode){ mysql_query("UPDATE users SET email_a = '1' WHERE username = '$username' AND email_code = '$activate'"); echo "Du er blevet aktiveret"; } else echo "Forkert data"; } else ?> </body> </html> Hope you can help me MinG |
|||||||